swsys.exe

SoftActivity AM Client

Deep Software Inc.

The application swsys.exe by Deep Software has been detected as a potentially unwanted program by 19 anti-malware scanners. It is set to execute automatically when any user logs into Windows, through the all-users Run registry key (HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run), under the name ‘SWClient’.

Publisher:
Deep Software Inc.  (signed and verified)

Product:
SoftActivity AM Client

Version:
4.3.0.2216

MD5:
51f3e2a298d87cbb025d4c230f09c887

SHA-1:
ae09126fec1baca798b67fd8a1f678303663cf8a

SHA-256:
f4f737b15f79d2d6f5c3f638b85c708149f3825f6f50ffc3cae1f43ba3ed0976

Scanner detections:
19 / 68

Status:
Potentially unwanted

Analysis date:
2/28/2025 10:18:48 AM UTC

Scan engine | Detection | Engine version
Lavasoft Ad-Aware | Application.Generic.42957 | 385
Avira AntiVirus | ADSPY/ActMon.Q | 7.11.198.70
avast! | Win32:ActivityLogger-E [PUP] | 2014.9-160115
Bitdefender | Application.Generic.42957 | 1.0.20.75
Comodo Security | UnclassifiedMalware | 20503
Fortinet FortiGate | Riskware/ActivityLogger | 1/15/2016
F-Secure | Application.Generic.42957 | 11.2016-15-01_6
G Data | Application.Generic.42957 | 16.1.24
IKARUS anti.virus | not-a-virus:Monitor.Win32.ActivityLogger.a | t3scan.1.8.5.0
Kaspersky | not-a-virus:Monitor.Win32.ActivityLogger | 14.0.0.812
MicroWorld eScan | Application.Generic.42957 | 17.0.0.45
Norman | Suspicious_Gen2.AEEXF | 11.20160115
Panda Antivirus | Generic Malware | 16.01.15.03
Qihoo 360 Security | Win32/Trojan.f12 | 1.0.0.1015
Rising Antivirus | PE:Trojan.Win32.Generic.13795466!326718566 | 23.00.65.16113
Sophos | Activity Monitor | 4.98
Trend Micro House Call | GRAY_Gen.0X1412S | 7.2.15
Trend Micro | GRAY_Gen.0X1412S | 10.465.15
VIPRE Antivirus | Activity Monitor | 36136

File size:
679.4 KB (695,672 bytes)

Product version:
4.3.0.2216

Copyright:
Copyright (C) 2000-2007 SoftActivity

File type:
Executable application (Win32 EXE)

Language:
English (Canada)

Common path:
C:\Program Files\softactivity\amsys\swsys.exe

Digital Signature
Authority:
VeriSign, Inc.

Valid from:
1/30/2008 6:00:00 PM

Valid to:
2/10/2009 5:59:59 PM

Subject:
CN=Deep Software Inc., OU=Digital ID Class 3 - Microsoft Software Validation v2, O=Deep Software Inc., L=New Westminster, S=British Columbia, C=CA

Issuer:
CN=VeriSign Class 3 Code Signing 2004 CA, OU=Terms of use at https://www.verisign.com/rpa (c)04, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
689B2362AA25648A3909C3B9B894C85A

File PE Metadata
Compilation timestamp:
4/10/2008 2:49:09 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
8.0

CTPH (ssdeep):
12288:P9CFt3u5fnqlZ0Uz4nx1eUsHM+IEGpzK6FSkFvbAeF0CxYgdbEwh:4hdYUzOf0HMp5pzvEenYEb

Entry address:
0x1000

Entry point:
68, 01, 60, 4F, 00, E8, 01, 00, 00, 00, C3, C3, 92, 97, F9, 34, 21, C9, FF, FB, 15, 4D, 00, A2, C8, 3E, 16, 5D, 20, 9C, FC, C1, 52, D4, 8C, B2, B7, C1, E2, 64, 22, A5, B0, 2B, F3, 54, 4D, B7, 80, 47, 38, 26, 7D, F9, 60, FF, C1, 44, 58, 50, DD, 5D, 38, 1F, 75, E2, F8, 45, 2F, 00, 8B, ED, 08, 5E, B9, F5, 4B, A8, A7, 85, 45, F6, FD, 81, A7, 81, C1, C6, 98, B9, 09, F5, 36, 2C, 5F, 3B, CE, 96, 50, 13, BE, B2, FE, F7, 1F, 57, 5A, 08, D1, 09, 5B, FC, 23, 96, 70, A0, 28, 1B, 05, 1D, 60, 16, 51, 94, A3, 28, E4, C5...
 
Entropy:
7.9600

Packer / compiler:
ASProtect v1.2x (New Strain)

Code size:
808 KB (827,392 bytes)

Startup File (All Users Run)
Registry location:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
SWClient

Command:
C:\Program Files\softactivity\amsys\swsys.exe

